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Abstract. We give the first cut-free ExpTime (optimal) tableau decision procedure for the logic 
CPDL re9 , which extends Converse-PDL with regular inclusion axioms characterized by finite au- 
tomata. The logic CPDL re9 is the combination of Converse-PDL and regular grammar logic with 
converse. Our tableau decision procedure uses global state caching and has been designed to increase 
efficiency and allow various optimization techniques, including on-the-fly propagation of local and 
■ global (in)consistency. 

> 

o 



> 

1 Introduction 



o 
o 



In this paper we study automated reasoning in the modal logic CPDL re9 , which is a combination 
of CPDL (propositional dynamic logic with converse |16|2|21j ) and REG C (regular grammar 
logic with converse [5 22J). The logic CPDL is widely used in many areas, including program 
verification, theory of action and change as well as knowledge representation (see, e.g., |16|9|7j ). 
The logic REG C can be used for modeling and reasoning about epistemic states of multi-agent 
systems [12] and Web ontologies |22|17j . 
O ' In the papers [6 8J written jointly with Dunin-K§plicz and Szalas, we show that CPDL re9 is 

a logical formalism suitable for expressing complex properties of agents' cooperation in terms of 
beliefs, goals and intentions. The logic CPDL re9 can also be used as a description logic (DL). As 
a combination of CPDL and REG C , it allows to use role constructors (by program constructors 
of CPDL) like the DL CIQ [9] and to use role inclusion axioms (by inclusion axioms of REG C ) 
similarly to the DL S1ZOIQ [17] (but by using automata instead of grammar rules). 

The mentioned works [6 8j present a tableau calculus leading to the first ExpTime (optimal) 
tableau decision procedure for CPDL re9 . Observing the rules of that calculus, it can be seen that 
the general satisfiability checking problem in CPDL re9 is reducible to the satisfiability checking 
problem in CPDL. However, translating the finite automata of a given CPDL re3 logic L into 
regular expressions and then applying an ExpTime (optimal) decision procedure like the ones 
given by us and Szalas [2T] or by Gore and Widmann [Td] for the resulted satisfiability problem 
in CPDL may require double exponential time in the size of the original problem. The reason is 
that the regular expressions resulted from translating the finite automata specifying L may have 
exponential lengths. One can also consider the method of translating REG C into CPDL given 
in [3] by Demri and de Nivelle. However, as CPDL re9 is much more complicated than REG C , 
it is not trivial at all how to generate that method for translating CPDL reg into CPDL and 
how efficient the approach would be. Therefore, as stated in [8], it is worth studying the direct 
approach for automated reasoning in CPDL re g. 

The tableau calculus given in our joint papers [6|8j for CPDL reg uses analytic cuts and 
therefore is not efficient in practice. In this paper we improve that calculus by eliminating 
cuts to give the first cut-free ExpTime (optimal) tableau decision procedure for CPDL reg . Our 
calculus uses global state caching as in the works |14|15j by Gore and Widmann. It also uses 
local caching for non-states of tableaux. 

The idea of global caching comes from Pratt's paper on PDL [23]. In |ll|12|lij] together 
with Gore we formalized and applied it to the modal logics REG (regular grammar logics), 
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BReg (regular modal logics of agent beliefs) and the description logic SHI to obtain ExpTime 
(optimal) tableau decision procedures for these logics. Later, together with Szalas we extended 
the method to give ExpTime (optimal) tableau decision procedures for the logics PDL [23], 
CPDL [21] and REG C [22]. In |13|21|22] we used analytic cuts to deal with inverse roles and 
converse modal operators. As cuts are not efficient in practice, Gore and Widmann developed 
the first cut-free ExpTime tableau decision procedures, based on global state caching, for the 
DL ACCX [33] and CPDL [S]. 

In the current paper, we use the idea of global state caching and a slightly different technique 
to deal with converse modal operators for CPDL res . We check "compatibility" of a non-state 
w with its predecessor-state v as soon as possible and do not require w to be "saturated". 
In |14|15] Gore and Widmann require w to be "saturated" before checking the compatibility, 
which has a serious drawback, for example, when the label of v is of the form {p, (a)[a~]^p, 
M((pi V51) A. . . A(p n Vq n ))}. Besides, we tend to give a higher priority for the current branch even 
when it involves converse, while Gore and Widmann |14|15] tend to delay solving incompatibility 
w.r.t. converseQ Our technique of dealing with converse modal operators for CPDL reg can be 
described as follows: if a state v is "toosmall" due to the lack of a formula <p and a non-state 
u is the unique predecessor of v then delete the edge (u, v) and connect u to two nodes v\ and 
V2 (which are created when necessary) such that v\ extends v with cp and is similar to v but 
always "disallows" ip (i.e. if any non-state w having V2 as the predecessor-state requires adding 
ip to V2 then we give w status unsat). For simplicity, in the current version of this paper we do 
not consider separately the case when v is "toosmall" due to the lack of a set {ipi, . . . ,(fk} of 
formulas (like an "alternative set" |14|15| ) with k > 1. The slowdown is not high as we check 
"compatibility" between nodes as soon as possible. A generalization of our method for this case 
is straightforward: we delete the edge (u,v) and connect u to nodes t>o, v\,. . . ,Vk (which are 
created when necessary) such that vq extends v with {<p\, . . . , (fk} and, for each 1 < i < k, V{ is 
similar to v but always disallows ipi. 

Apart from [6|8|14 15]. some other papers that are most related to ours are: Pratt's paper [23] 
on PDL, Demri's paper [3] of REG, the paper [5] by Demri and de Nivelle on REG C , the paper [2] 
by De Giacomo and Massacci on CPDL. Also, one can translate the satisfiability problem of 
CPDL re9 into the satisfiability problem of modal //-calculus with converse or the emptiness 
problem of automata on infinite trees. The former one is often translated into the latter one 
(see Vardi's work [26]). Checking emptiness of an automaton on infinite trees can be reduced to 
checking who has a winning strategy in a graph of game, which is similar to "and-or" graphs used 
in the current paper. However, the construction of such a tree automaton itself is a weak point 
of the approach. As stated in [T], optimization techniques have not been adequately studied for 
theorem proving based on tree automata, and this is why the approach is not used in practice 
for theorem proving in description logics (which are closely related to modal logics). 

The rest of this paper is structured as follows. In Section [2] we give definitions for the logic 
CPDL reg . In Section [3] we present our tableau calculus for CPDL re9 . In Section Owe give an 
ExpTime tableau decision procedure for checking satisfiability of a set of formulas w.r.t. a set 
of global assumption in CPDL re9 . We conclude in Section [71 

2 Preliminaries 

Let E+ be a finite set of symbols. For a G , we use a~ to denote a fresh symbol, called the 
converse of a. Let E- = {a~ \ a G E + } and U = E + U We call U an alphabet with converse. 
For g = o~ € define g~ = a. 

A context-free semi-Thue system S over U is a finite set of context-free production rules 
over alphabet U. We say that S is symmetric if, for every rule a — > gi . . . Qk of S, the rule 



1 We use the verb "tend" because any systematic search strategy is applicable for both [14115] and the current 
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<t~ — > qZ ■ ■ ■ Qi also belongs to S. A context-free semi-Thue system S over £ is called a regular 
semi-Thue system S over E if, for every a G S, the set of words derivable from a using the 
system is a regular language over U. 

A context-free semi-Thue system is like a context-free grammar, but it has no designated 
start symbol and there is no distinction between terminal and non-terminal symbols. 

Similarly to [5], we assume that any regular semi-Thue system S is given together with a 
mapping A that associates each a G U with a finite automaton A CT recognizing words derivable 
from a using S. We assume that for a G E, the word a is derivable from a by such a system. 
We call A the mapping specifying the finite automata of S$ 

A finite automaton A over alphabet £ is a tuple {E,Q, 1,6, F), where Q is a finite set of 
states, / C Q is the set of initial states, 6 C Q x 17 x Q is the transition relation, and F C Q is the 
set of accepting states. A run of A on a word £i ... Qk is a finite sequence of states qo,qi, . . . ,qt 
such that qo £ I and 6{qi-\, Qi,qi) holds for every 1 < i < k. It is an accepting run if gj. € F. 
We say that A accepts a word w if there exists an accepting run of A on w. The set of words 
accepted by A is denoted by C{A). 

We use V1ZOV to denote the set of propositions (i.e., atomic formulas) and use letters like p 
to denote its elements. We call elements of E + atomic programs, and call elements of U simple 
programs. We denote simple programs by letters like a and g. 

Formulas and programs in the base language of CPDL re5 are defined respectively by the 
following BNF grammar rules: 

if ::= T | _L | p \ -up |c^— ^I^Ai^l^Vi^l (a)(p \ [a]tp 
a ::= a | a; a \ a U a \ a* \ oT \ ipl 

We use letters like a, /3 to denote programs, and ip, ip, £ to denote formulas. Given binary 
relations R\ and R2, by R\ o R 2 we denote their relational composition. 

A Kripke model is a pair M = (A M , - M ), where A M is a set of states, and - M is an interpre- 
tation function that maps each proposition p to a subset p M of A AI , and each atomic program 
a G to a binary relation <r M on A . The interpretation function is extended to interpret 
complex formulas and complex programs as follows: 

T M = A M , J_ M = 

{^) M = A M \ <p M , {ip -> V) M = (->¥> V V) M 

a V) M = n (pv V) M = v M u ^ M 

«a)¥») w = {x G Z\ M I 3y[a M (x,y) A V9 M (y)]} 
([a]y>) w = e ^ M I Vy[a M (x,y) ->• (^ A/ (y)]} 
(a;/3) M = a M o(3 M 

(aU/3) M = a M U/3 M , ( a *) M = (a M )* 
(a-)^ = (a M )- 1 = {(y^)l(x,y)Ga M } 

(y,?)^ = {( X: x) I (^ M (x)}. 

We write M, w \= ip to denote w G ip M . For a set X of formulas, we write M, w \= X to denote 
that M, u; |= <p for all y G X. If M, |= <p (respectively, M,w \= X), then we say that M 
satisfies ip (respectively, X) at w, and that p (respectively, X) is satisfied at w in M. We say 
that M validates X (and X is valid in M) if M, w \= X for all w G A M . 

Note that the definition of (o~~) M is compatible with the assumption (cr~) = a. 

Let S be a symmetric regular semi-Thue system over E. The CPDL res logic corresponding 
to S, denoted by CPDL(S), is characterized by the class of Kripke models M such that, for 



2 Note that it is undecidable to check whether a context-free semi-Thue system is regular since it is undecidable 
whether the language generated by a linear grammar is regular |18| . 
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every rule a — > g\ . . . Qk of S, we have that gf o • • • o g^ 1 C <r A/ . Such a structure is called an 
L-model, for L = CPDL(S). 

Let L be a CPDLye^ logic and X, L be finite sets of formulas. We say that X is L-satisfiable 
w.r.t. the set L of global assumptions if there exists an L-model that validates L and satisfies 
X at some state. 

We say that two sets X and Y of formulas are L-equivalent if for every L-model M and every 
state w of M, (M, w \= X) iff (M, w |= Y). 

A formula or a program is in negation- and- converse normal form (NCNF) if it does not 
use the connective — >, uses the operator -i only immediately before propositions, and uses the 
converse program constructor ~ only for atomic programs. 

Every formula <p (respectively, program a) can be transformed to a formula <p' (respectively, 
program a') in NCNF that is equivalent to ip (respectively, a) in the sense that for every 
Kripke model M, <p M = (ip') M (respectively, a M = (a') M ). For example, the NCNF of formula 
-i[((<Ti U 02); 03; ( _,_, p)?) _ ](g V -ir) is (p?; (o"3 - )*; U o-2~))(->q A r). In this paper we assume 
that formulas and programs are represented in NCNF and write Tp to denote the NCNF of -193. 

The alphabet 27(a) of a program a and the regular language £(a) generated by a are specified 
as follows □ 

E(a) = 27 C(a) = {a} 

u(p?) = {p?} ciipi) = W?} 

2709; 7) = 2709) U 27( 7 ) C(fc 7) = C(J3).£fr) 

27(/3 U 7) = 27(/3) U 27( 7 ) £09 U 7) = £09) U £(7) 

Z(f3*) = 27(/3) £(/3*) = (£(/3))* 

where for sets of words M and TV, M.iV = {a/3 \ a G M,f3 G A^}, M° = {e} (where e denotes 
the empty word), M n+1 = M.M n for n > 0, and M* = U n>0 M ™- 

We will use letters like co to denote either a simple program from 27 or a test (of the form 
93?). A word . .ujk € £(a) can be treated as the program (uj\; . . . ;uj)~), especially when it 
is interpreted in a Kripke model. As a finite automaton A over alphabet 27(a) corresponds to 
a program (the regular expression recognizing the same language), it is interpreted in a Kripke 
model as follows: 

A M = J {7 M 1 7 G £{A)l (1) 



3 A Tableau Calculus for CPDL reg 

From now on, let S be a symmetric regular semi-Thue system over 27, A be the mapping 
specifying the finite automata of S, and L be the CPDL re9 logic corresponding to S. In this 
section we present a tableau calculus for checking L-satisfiability. 

For each program a, let A a be a finite automaton recognizing the regular language £(a). 
For each program a £ 27, let A a be a finite automaton recognizing the language £(c/)> where 
a' is obtained from a by substituting each a G 27 not inside any test by a regular expression 
representing £(A CT ). 

The automaton A a can be constructed from a in polynomial time, and A a can be constructed 
in polynomial time in the length of a and the sizes of the automata (A a ) ae jj. Roughly speaking, 
A a can be obtained from A a by simultaneously substituting each transition (qi,cr, 92) by the 
automaton A CT . 

From now on, let X and L be finite sets of formulas in NCNF of the base language. For 
the tableau calculus defined here for checking L-satisfiability of X w.r.t. the set L of global 
assumptions we extend the base language with the auxiliary modal operators n ff1 [A,q] and 
(A, q), where a £ 27, A is either A a or A a for some program a occurring in X or L in the 
form [a](p or (a)(p, and q is a state of A. Here, [A,q] and (A,q) stand respectively for [(A, q)] 



3 Note that S(a) contains not only simple programs but also expressions of the form ( (/??), and a program a is 
a regular expression over its alphabet £{a). 
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and ((A, q)), where (A,q) is the automaton that differs from A only in that q is its only initial 
state. We call [A,q] (respectively, (A, q)) a universal (respectively, existential) automaton-modal 
operator. 

In the extended language, if ip is a formula, then □ (T (/?, [A, q]ip and {A, q)ip are also formulas. A 
formula □ cr y has the same semantics as {o~]ip, i.e. (p a ip) M = (\o]ip) M . The semantics of formulas 
[A, q](p and (A,q)(p are defined as usual, treating (A,q) as a program with semantics specified 
by©- 

Despite that O a ip has the same semantics as [cr](p, the operator D CT behaves differently from 
[<j] in our calculus. Given a Kripke model M and a state w G Z\ M , we have that u; € (L4, (?]</j) M 
(respectively, w G ((A,g)</?) M ) iff 

Wj- G for all (respectively, some) u>/% G Zl A/ such that there exist a word u)\ . . . Uf* 
(with k > 0) accepted by (A,g) with (w,Wk) G (wi; . . . ;uk) M ■ 

The condition (w,Wk) G (u>i; . . . ; 0Jk) M means there exist states wq = w, w\, . . . , Wf.-i of M 
such that, for each I < i < k, if LU{ <E U then (wi-i,Wi) G wi^, else u>i = (ipi*?) for some and 
= W{ and id, G Clearly, (A,q) is dual to [A,q] in the sense that (A,q)<p = ->[A,q]-np 
for any formula ip. 

We will use the following convention: 

— given a finite automaton A, we always assume that A = {Ua, Qa, Iai $a, Fa) 

- for q G Qa, we define S A (q) = {(u,q') I (q,u,q') G <5a}- 

Lemma 3.1. Let M be a Kripke model, a be a program, ip be a formula, and A be a finite 
automaton over £ (a). Then: 

1. ifI A = {qi,..., q k } then A M = (A, Ql ) M U . . . U {A, q k ) M 



M a M 

M _ //a w v/ / a „, \,„\M 



2. a M = A a 



3. iflAa ={gi,...,9fc} then{{a)p) M = ((A Q , q\)<p V ... V (A Q , qk)<p) 
4- if M is an L-model then 
(a) A^f = 

W «/^A a = {«., ■■■,?*} then ([®}<f) M = ([A Q , qi]p A . . . A [A a ,g fe ](^>) M . 

Proof. The assertions [1] and [2] clearly hold. The assertion [3] follows from the assertions [T] and [2j 
For the assertion I4al just note that M is an L-model and, for every a G S, A a accepts a. The 
assertion I4bl follows from the assertions [H [21 and 0aj < 

In what follows we define tableaux as rooted "and-or" graphs. Such a graph is a tuple 
G = (V, E, u), where V is a set of nodes, E C 1/ x V is a set of edges, v G V is the root, and 
each node v € V has a number of attributes. If there is an edge (v, w) G E then we call v a 
predecessor of and call w a successor of u. The set of all attributes of v is called the contents 
of v. Attributes of tableau nodes are: 

— Type{v) G {state, non-state}. If Type{v) = state then we call v a state, else we call v a 
non-state (or an internal node). A state is never directly connected to a state. 

— Status (v) G {unexpanded, expanded, incomplete, unsat, sat}. 

— Label{v) is a finite set of formulas, called the label of v. 

— RFmls{v) is a finite set of formulas, called the set of reduced formulas of v. 

— DFmls{v) is a finite set of formulas, called the set of disallowed formulas of v. 

— StatePred(y) G V U {null} is called the state-predecessor of v. It is available only when 
Type{v) = non-state. If v is a non-state and G has no paths connecting a state to v then 
StatePred(v) = null. Otherwise, G has exactly one state u that is connected to v via a path 
not containing any other states. In that case, StatePred(v) = u. 
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— CELabel(v) is a formula of the form (a) (p. It is called the coming edge label of v and is 
available only when v is a successor of a state. Informally, if CELabel(v) = {o~)<p and u is 
the predecessor of v then (cr)(p G Label (n) and this formula is realized at u by creating a 
transition to v (transitions are done only for states). 

— ATPred(v) G V is called the after-transition-predecessor of v. It is available only when 
Type{v) = non-state. If v is a non-state and vq = StatePred(v) 7^ null) then there is exactly 
one successor v\ of vq such that every path connecting vq to v must go through v\, and we 
have that ATPred{v) =v\. If v is a non-state and StatePred(v) = null then ATPred(v) is set 
to the root v. 

— FmlSC{v) is a formula called the formula suggested by converse. It is available only when 
Type{v) = state and Status(v) = incomplete. In that case, it means that some node w with 
StatePred{w) = v wants cp G Label(v) U RFmls{v) but it does not hold. The formula p is 

ATPred(w), CELabel(vi) is of the form {a)ip and 



Label(v) U RFmls(v) 
{Tp I p G DFmls(v)} 
AFmls(i;) U NDFmls(v) 
J and-node if Type(v) = state 
\or-node if Type(v) = non-state 
v has a successor which is a state 
(ATPred(v) = v) 

AFmls(v) is called the available formulas of v. In an "and-or" graph, states play the role of 
"and"-nodes, while non-states play the role of "or"-no(ies|f| 

By the local graph of a state v we mean the subgraph of G consisting of all the paths starting 
from v and not containing any other states. Similarly, by the local graph of a non-state v we 
mean the subgraph of G consisting of all the path starting from v and not containing any states. 

We apply global state caching in the sense that if v\ and V2 are different states then 
Label{v\) 7^ Label (V2) or RFmls(vi) ^ RFmls{v2) or DFmls{y\) 7^ DFmls{v2). If v is a non- 
state such that Af terTrans(u) then we also apply global caching for the local graph of v. That 
is, if wi and W2 are different nodes of the local graph of v then Label{w\) ^ Label(w2) or 
RFmls{wi) 7^ RFmls (1V2) or DFmls(wi) ^ DFmls (102)- 

Our calculus CL for the CPDL reg logic L will be specified, amongst others, by a finite set of 
tableau rules, which are used to expand nodes of tableaux. A tableau rule is specified with the 
following information: 

— the kind of the rule: an "and" -rule or an "or" -rule 

— the conditions for applicability of the rule (if any) 

— the priority of the rule 

— the number of successors of a node resulting from applying the rule to it, and the way to 
compute their contents. 

Tableau rules are usually written downwards, with a set of formulas above the line as the 
premise, which represents the label of the node to which the rule is applied, and a number of 
sets of formulas below the line as the (possible) conclusions, which represent the labels of the 
successor nodes resulting from the application of the rule. Possible conclusions of an "or" -rule 
are separated by |, while conclusions of an "and" -rule are separated by &. If a rule is a unary 
rule (i.e. a rule with only one possible conclusion) or an "and"-rule then its conclusions are 



expected to be present at v when, for v\ ■ 
O a -p G Label(w). 

We define 

AFmls(w) = 
NDFmls(v) = 
FullLabel(v) = 

Kind(w) = 

Bef oreFormingState(w) = 
Af terTrans(v) = 



4 But this is not necessarily true for ("and-or" graphs in) other logics. 
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"firm" and we ignore the word "possible". The meaning of an "or" -rule is that if the premise 
is L-satisfiable w.r.t. L then some of the possible conclusions are also L-satisfiable w.r.t. L, 
while the meaning of an "and"-rule is that if the premise is L-satisfiable w.r.t. L then all of 
the conclusions are also L-satisfiable w.r.t. L (possibly in different states of the model under 
construction) . 

Such a representation gives only a part of the specification of the rules. 

We use Y to denote a set of formulas, write Y, tp to denote Y U {tp} and write Y, L to denote 
Y U r. Our tableau calculus CL for the CPDL reg logic L w.r.t. the set L of global assumptions 
consists of the rules which are partially specified in Table Q] together with two special rules 
(forming-state) and (conv), which will be explained later. 

For any rule of CL except (forming-state) and (conv), the distinguished formulas of the 
premise are called the principal formulas of the rule. The rules (forming-state) and (conv) have 
no principal formulas. 

As usual, we assume that, for each rule of CL described in Table [TJ the principal formulas 
are not members of the set Y which appears in the premise of the rule. 

The rule (trans) is the only "and" -rule and the only transitional rule. Instantiating this rule, 
for example, to the set {{a)p, (a)q,O a r} as the premise and L = {s} we get two conclusions: 
{p, r, s} and {q,r,s}. Expanding a state v in a tableau by the rule (trans), each successor 
Wi of v is created due to a corresponding principal formula (o~i)tpi of the rule and we have 
CELabel(wi) = {cr^tpi. 

The other rules of CL are "or" -rules, which are also called static rules. The intuition behind 
distinguishing between static/transitional is that static rules do not change the state of the 
model under construction, while each conclusion of the transitional rule forces a move to a new 
state. The transitional rule is used to expand states of tableaux, while the static rules are used 
to expand non-states of tableaux. 

For any state w, every predecessor v of w is always a non-state. Such a node v is expanded and 
connected to w by the static rule (forming-state). The nodes v and w correspond to the same 
state of the Kripke model under construction. In other words, the rule (forming-state) "trans- 
forms" a non-state to a state. The idea is to separate internal nodes (i.e. non-states) from states, 
which are globally cached. The rule (forming-state) guarantees that, if Bef oreFormingState(f ) 
holds then v has exactly one successor, which is a state. 

Expanding a non-state v of a tableau by a static rule p 6 {(A), (V), (autn), (auto), ([A]), 
([A]/), (□?)} which uses (p as the principal formula we put tp into the set RFmls(w) of each 
successor w of v by setting RFmls(w) := RFmls(v) U {ip}. We use RFmls(w) to disallow ex- 
panding w by static rules which use a formula from RFmls(w) as the principal formula (i.e. to 
block reducing the formulas from RFmls(w) twice). If a non-state v is expanded by a static rule 
p € {((A)), ((A)f), (O?), (conv)} and w is a successor of v then we set RFmls(w) := RFmls(v). 
Thus, we do not use the attribute RFmls to disallow the rules ((A)), ((A)/), (O?) (in order to 
be able to fulfill eventualities of the form (A, q)<p). If v is expanded by the rule (trans) and w is 
a successor of v then we set RFmls(w) := 0. 

Let vq,vi, ■ ■ ■ ,Vk be a path of a tableau such that k > 1, Type(vo) = state and Type(vi) = 
non-state for 1 < i < k. Suppose that CELabel(v\) = (cr)ip and ^ a -<p 6 Label(vk). If vq 
corresponds to a state x of a Kripke model M, then all vi, . . . , Vk correspond to a state y of 
M such that (x,y) S a M . The formulas from Label(v^) are supposed to be satisfied at y in M, 
which causes tp satisfied at x in M. So, (p is expected to belong to AFmls(uo) (i.e. we should 
realize tp at vq). What should be done in the case ip £ AFmls(uo) ? We will not simply add tp to 
Label(vo), as Vk is only one of possibly many "or" -descendants of vq, and adding tp to Label(vo) 
may affect the other "or" -descendants of vq (which is not allowed). If tp g DFmls(vo), which 
means tp is disallowed in vq, then Status(vk) becomes unsat, which intuitively means that the 
"combination" of vq and Vk is L-unsatisfiable w.r.t. L. In the other case, Status (vq) becomes 
incomplete, the predecessors of vq will be re-expanded by the rule (conv) either to have tp (by 
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. , Y, (p A ib „ ,. Y, <p V ib 

( A ) ir- ., ( v ) 



Y,<p,i/> v ' Yy\Y,ib 



I + \ F > a V -err l 

[auto) -rry-r ; r-r p- if 1a„ = ■ ■ ■ , qk} 

, . Y, {a)ip ( a S, a is not a test, 

° Y, {Aa,qi)ip | ... | y, {A a ,q k )(p 1 \and I Aa = {qi,...,q k } 



if <5a(<?) = {(ui,qi), (oj k ,q k )} and q g F A 
Y,[A,q]y 



([A] 
((A)) - 



Y,n Ul [A, qi ]<p,...,n Uk [A,q k ]<p 

Y,(A,q)<p 

Y,{ui)(A,qi)<p | ... | Y,{u k )(A,q k )<p 



if S A (q) = {(uJi,qi), (uj k ,q k )} and q E F A : 

/r A i ,\ y[Ag]<? 

J/; y □ Wl [^ J gi]^,... ) n w JA ) g fe ] ¥ >, ¥ > 

u ;/j y,(o; 1 )(Agi>^|...|y,K>(A,g fc >^|y,^ 



where 



, , y,{a 1 )y>i,...,(a t fa 

ltransj y l5 ^,r& ... &y fc ,^ fe ,r 

fe > 1, y contains no formulas of the form (cr)(p, 
and Yi — {tb : O ai ij) £ y} for every 1 < i < k 



Table 1. Some rules of the tableau calculus CL for a CPDL reg logic L. 



adding ip to the attribute Label) or to disallow tp (by adding <p to the attribute DFmls). For 
details, see Steps 3-6 of procedure Apply given on page [10] (where w plays the role of vq). 

The priorities of the tableau rules are as follows (the bigger, the stronger): unary static rules 
except (/ ' or ming- state): 5; non-unary static rules: 4; (/ or ming- state): 3; (trans): 2; (conv): lH 

The conditions for applying a rule p ^ (conv) to a node v are as follows: 

— the rule has Label(v) as the premise 

— all the conditions accompanying with p in Table Q] are satisfied 

— if p = (trans) then Type(v) = state 

— if p ^ (trans) then Type(v) = non-state and 

• if p € {(A), (V), (autn), (auto), ([A]), ([A]/), (□?)} then the principal formula of p does 
not belong to RFmls(v) 

• no static rule with a higher priority is applicable to v. 

Application of a tableau rule p to a node v is specified by procedure Apply(p, v) given on page 
flOl Auxiliary functions are defined on page [9j Procedures used for updating and propagating 
statuses of nodes are defined on page [TTJ The main function Tableau(A, r) is also defined on 
page[TTJ It returns a rooted "and-or" graph called a CL-tableau for (X,T). 



5 The rule (conv) is not chosen like the others but only invoked at another part of the algorithm (namely 
Procedure UpdateStatus). 
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Function NewSucc(t;, type, ceLabel, label, rFmls, dFmls) 

Global data: a rooted graph (V,E,v). 
Purpose: create a new successor for v. 

1 create a new node w, V :— V U {w}, if v ^ null then E := E U {(v, w)}; 

2 Type(w) := type, Status(w) := unexpanded; 

3 Label(w) := label, RFmls(w) := rFmls, DFmls(w) := dFmls; 

4 if type = non -state then 

5 if v = null or Type(v) = state then 

6 | StatePred(w) := v, ATPred(w) := «!, CELabel(w) := ceLabel 

7 else StatePred(w) := StatePred(v), ATPrediw) := ATPred(v) 

8 return u> 



Function FindProxy(iype, root, label, rFmls, dFmls) 

Global data: a rooted graph (V, E, v). 

1 if type — state then W := V else : = 

2 if there exists v £ W such that Type(v) 
DFmls(v) — dFmls then return v 

3 else return null 



Function ConToSucc(t> , type, ceLabel, label, rFmls, dFmls) 
Global data: a rooted graph (V,E,v). 

Purpose: connect v to a successor, which is created if necessary. 

1 if type — state then root := null else root := ATPred(v) 

2 w :— FindProxy (type, root, label, rFmls, dFmls); 
s if null then E ■— E U {(v, w)} 

4 else w := NewSucc(w, type, ceLabel, label, rFmls, dFmls); 

5 return w 



Function TUnsat(u) 
i return _L 6 Label (v) or there exists {f,Tp} C Label(v) 



Function TSat(u) 
i return no rule except (conv) is applicable to v 



Function ToExpand 

Global data: a rooted graph (V, E, v). 

1 if there exists v 6 V with Status(v) = unexpanded then return /* any such */ v 

2 else return null; // various ''search strategies'' can be applied here 



Example 3.2. Consider the regular grammar logic with converse L that corresponds to the fol- 
lowing semi-Thue system over alphabet {a, Q,cr~ , g~}: 

{g — > a~ g, g — > a, g~ — > g~~a, g~ — > cr - }. 

The set of words derivable from g is characterized by (a~)*(a + g). Let 

A, = ({a, g, a-,g-}, {0, 1}, {0}, {(0, a~,0), (0, a, 1), (0, g, 1)}, {1}). 

In Figures Q] and [2] we give an "and-or" graph for ({{cr)(p A [^] _i p)},0) w.r.t. CL. The nodes 
are numbered when created and are expanded using DFS (depth-first search). At the end the 
root receives status unsat. Therefore, by Theorem 13.41 (a)(pA [g]^p) is L-unsatisfiable. < 

Observe that: 

— An application of the rule (conv) to a node v may cause a sequence of other applications of 
this rule to "ancestor nodes" of v and may put formulas far back of the tableau. 



= the nodes of the local graph of root; 
= type and Label(v) — label and RFmls(v) — rFmls and 
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Procedure Apply(p, v) 



Global data: a rooted graph (V, E, v). 

Input: a rule p and a node v £ V s.t. if p 7^ (conv) then Status(v) = unexpanded else 

Status(v) — expanded and Bef oreFormingState(«). 
Purpose: applying the tableau rule p to the node v. 

if p — (forming -state) then 

! ConToSucc(w, state, null, Label(v), RFmls(v), DFmls(v)); 
else if p — (conv) then 

let w be the only successor of v, E := E\ {(v,w)}, ip := FmlSC(w); 
ConToSucc(u, non-state, null, Label(v) U {ip}, RFmls(v), DFmls(v)); 
ConToSucc(t), non-state, null, Label(v), RFmls(v), DFmls(v) U {<fi}); 
else if p — (trans) then 

let Yi , . . . , Yk be the possible conclusions of the rule; 
let V>i, . . . , tpk be the corresponding principal formulas; 
foreach 1 < i < k do NewSucc(w, non-state, ipi, Yi, 0, 0) 



1 

2 
3 
4 
5 

6 
7 
8 
9 
10 
11 
12 
13 
14 
15 



else 



let Yi, . . . , Yk be the possible conclusions of the rule; 
if p € {((A)), ((A)/), (O?)} then Z := RFmls(v) 
else Z := RFmls(v) U {the principal formula of p}; 
foreach 1 < i < k do ConToSucc^, non-state, null, Yi, Z, DFmls(v)) 

16 foreach successor w of v with Status(w) ^ {incomplete, unsat, sat} do 

17 if TUnsat(™) then Status(w) := unsat else 
is if Type(w) = non -state then 

19 uo := StatePred(w), ui := ATPred(w); 

20 if t/iere exist □ CT -^ 6 Label(w), CELabel(u\) — (o)ip, ip AFmls(Mo) then 

21 if ip € DFmls(uo) then Status(w) := unsat 

22 else 

23 Status(uo) := incomplete, FmlSC(u ) := ip; 

24 PropagateStatus(uo), return 

25 if Status(w) ^ unsat and TSat(w) then Status(w) := sat 

26 Status(v) :— expanded, UpdateStatus(u); 

27 if Status(v) £ {incomplete, sat, unsat} then PropagateStatus(w) 



- If the logic L is essentially a REG C logic, then no formulas of the form {A,q)ip occur in 
tableaux (and we do not have to check "global consistency"). 

Define the length of a formula <p to be the number of symbols occurring in (p. For example, 
the length of (A a ,q)tp is the length of ip plus 5, treating A CT as a symbol. Define the size of 
a finite set of formulas to be the length of the conjunction of its formulas. Define the size of 
a finite automaton (U, Q, I, 5, F) to be \Q\ + |/| + \5\ + \F\. 

For a set Y of formulas, the set of basic subformulas of Y ', denoted by bsf(Y), consists of 
all formulas if and Tp of the base language such that either ip G Y or ip is a subformula of some 
formula of Y. The set closureL{Y) is defined to be the union of bsf(Y) and the following two 
sets: 

- {[A a ,q}ip, U u [A a ,q]ip \ [a](p G bsf(Y), q G Q Aa and uj G S Aa } 

- {(A a ,q)<p, (u)(A a ,q)ip \ (a)<p G bsf(Y), a E, a is not a test, q G Qa q and u) G E Aa }. 

Lemma 3.3. Let h = \U\ and let k be the sum of the sizes of the automata A a (for a G YI), I 
be the size ofXUT, and n be the size of closure l{X U r). Let G = {V,E,u) be a CL-tableau for 
(X,r). Then n is polynomial in k.h.l and, for every v G V : 

1. The sets Label{v), RFmls(v), DFmls{v) and NDFmls(i;) contain only formulas from 
closure l(X U r). 

2. RFmls(v) does not contain formulas of the form (A,q)p or (ip?)y>. 
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Function Tableau(X, r) 

Input: finite sets X and r of concepts in NCNF of the base language. 
Global data: a rooted graph (V,E, v). 

1 v := NewSucc(null, non-state, null, X U T, 0, 0); 

2 if TUnsat(j/) then Status(u) := unsat 

3 else if TSat(^) then Status (y) := sat; 

4 while [v := ToExpand()) 7^ null do 

5 choose a tableau rule p different from (conv) and applicable to v; 

6 Apply(p,?;); // defined on page 1101 

7 foreach meV such that Status (w) = incomplete do 

8 |^ delete the local graph of w except the node w 

9 return (V, E, v) 



Procedure UpdateStatus(u) 

Global data: a rooted graph (V,E,v). 

Input: a node v € V with Status (v) = expanded. 

1 if Kind(-u) = or-node then 

2 if some successors of v have status sat then Status(y) := sat 

3 else if all successors of v have status unsat then Status (v) := unsat 

4 else if a successor of v has status incomplete then Apply ((conv), v) 

5 else // Kind(u) = and-node 

6 if all successors of v have status sat then Status (v) := sat 

7 else if some successors of v have status unsat then Status (v) := unsat 



Procedure PropagateStatus(v) 
Global data: a rooted graph (V,E,v). 

Input: a node v £ V with Status (v) G {incomplete, unsat, sat}. 

1 foreach predecessor u of v with Status (u) = expanded do 

2 UpdateStatus(w); 

3 if Status(u) G {incomplete, unsat, sat} then PropagateStatus(it) 



3. If v is a state then Label(v) PI RFmls(v) = and Label(v) does not contain formulas of the 
form ip A ip, ip V t/j, [a]ip, [A, q]ip, □(^?)(^, (A, q)ip or (/3)<p with (3 £ E. 

4- (a) Label(v) is L-equivalent to Label(v) U RFmls(v) 

(b) Label(v) \ RFmls(v) is L-equivalent to Label(v) U RFmls(v). 

Furthermore, the graph G has no more than 2°^ nodes and can be constructed in 2°^ steps. 

Proof. Clearly, n is polynomial in k.h.l. The assertions [T][3] should be clear. The assertion 2] 
can be proved by induction in a straightforward way. Since global state caching is used, by 
assertion [H G has no more than 2°( n ) states. Similarly, since global caching is used for the local 
graphs of non-states, the local graph of each non-state has no more than 2°^ nodes. Hence, G 
has no more than 2°^ nodes. Each node of the graph may be re-expanded at most once, using 
the rule {conv). Expansion of a node can be done in polynomial time in the size of the graph. 
Hence the graph can be constructed in 2°^ steps. < 

A marking of a CL-tableau G is a subgraph G m of G such that: 

— the root of G is the root of G m 

— if v is a node of G m and is an "or"-node of G then at least one edge (v,w) of G is an edge 
of G m 

— if v is a node of G m and is an "and"-node of G then every edge (v, w) of G is an edge of G m 

— if (v, w) is an edge of G m then v and w are nodes of G m . 
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(a) 



(1): (forming-state) 



(b) 



(1): (forming-state) 



W(p a [e]-.p) 



(2): (trans) 




lehp) 



(3): (A) 

p a [e]-ip 



(4): (auto) 

p, [eHp 



(5): 


([A]) 


P, [A e ,0]-ip 






(6): 


([A]) 



P, n CT -[A e ,0]-p, 
□ a [A e ,l]-.p 



(2): (trans) 


M(pA 
incorr 


lehp) 

plete 

[A e ,0hp 



(3): (A) 

p a [g]-.p 



(4): (auto) 

p, [e]-<p 



(5): ([A]) 
p, [A e ,0]-.p 



(6): ([A]) 

p,n a _[A e ,0hp, 
□ CT [A e , l]-.p 



Fig. 1. An illustration for Example 13.21 part I. The graph (a) is the "and-or" graph constructed until checking 
"compatibility" of the node (6) w.r.t. to the node (1). In each node, we display the name of the rule expanding 
the node and the formulas of the label of the node. The attribute DFmls of each of the displayed nodes is an 
empty set. The node (2) is the only state. As an example, we have StatePred((6)) = (2), ATPred((6)) = (3) and 
CELabel((3)) = (a)(pA [g]^p). Since D a - [A e , 0]-ip € Label ((6)), Status{{2)) is set to incomplete and FmlSC({2)) 
is set to [A e ,0]-ip. This results in the graph (b). The construction is then continued by applying the rule (conv) 
to (1) and deleting the nodes (3)-(6). See Figure [5]for the continuation. 
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(2): (trans) 

(cr)(p A [e]-.p) 
incomplete 

FmlSC : [A 8 ,0]-.p 



(7): 


([A]) 


W(pA[eh P ), [A e ,obp 







(8): (forming-state) 



(<t)(p a [ e ]-.p) 

£>Fm/s : [A e , 0]^p 



(9): (forming-state) 



W(?A[fhp), 

□ CT _[A e ,0]-p, n CT [A c ,l]- 



(14): (trans) 



W(pA[s]-j) 
DFmls : [A e , 0}^p 







(10): (trans) 


(o-)(p a [e]-.p), 


□ CT _[A e ,0]^ 


, □ CT [A ff ,l]-.p 



(15): (A) 

p a [e]-.p 



(11): (A) 

p a [ e ]-, P , [A e , i]-.p 



(16): (auta) 

p, [q]-*p 



(12): ([A]) 


p, [q]-v, 


[A e ,l]-p 



(17): ([A]) 
p, [A fi ,0]-.p 



(13) 
p, [ehp, -*p 

unsat 



(18): ([A]) 

p,n CT _[A e ,0]^p, 
□ CT [A e ,l]-p 
unsat 



Fig. 2. An illustration for Example 13.21 part II. This is a fully expanded "and-or" graph for ({{cr)(p A [f?] - ^)}, 0) 
w.r.t. CL. The node (1) is re-expanded by the rule (conv). As in the part I, in each node we display the name of 
the rule expanding the node and the formulas of the label of the node. We display also the attribute DFmls of 
the nodes (8) and (9). This attribute of any other node is an empty set. The nodes (2), (10) and (14) are the only 
states. The node (13) receives status unsat because {p,^p} C Label((13)). After that the nodes (12)-(7) receive 
status unsat in subsequent steps. The node (18) receives status unsat because [A e ,0]-ip £ DFmls((14:)). After that 
the nodes (17)-(14), (8), (1) receive status unsat in subsequent steps. 
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Let G be a CL-tableau for (X, T), G m be a marking of G, v be a node of G m , and (A, q)ip 
be a formula of Label(v). A irace of (A, q)(p in G m starting from v is a sequence (fo,^o) 5 • • • , 
(vki^fk) such that: 

— vq = v and ipo = {A, q)ip 

— for every 1 < i < k, (vi-i,Vi) is an edge of G m 

— for every 1 < i < k, (pi is a formula of Label(vi) such that 

• if is not a principal formula of the tableau rule expanding Vi-± then the rule must 
be a static rule and (fi = <*Pi-\ 

• else if the rule is ((A)) or ((A)j) then ipi-i is of the form (A,q')(p and ipi is the formula 
obtained from 

• else if the rule is (O?) then </?j_i is of the form (ip?)(A, q')ip and <pi = (A, q')ip 

• else the rule is (trans), (fi-i is of the form (a){A, q')ip and is the coming edge label of 
Vi, and (fi = (A,q')ip. 

A trace (vq, (fo), • • • , (ffe, <Pk) oi (A, q)<p in a marking G m is called a O -realization in G m for 
(A,q)ip at v Q if (p k = (p. 

A marking G m of a CL-tableau G is consistent if: 

local consistency: G m does not contain nodes with status unsat; and 

global consistency: for every node v of G m , every formula (A,q)ip of Label(v) has a O- 
realization (starting from v) in G m . 

Theorem 3.4 (Soundness and Completeness). Let S be a symmetric regular semi-Thue 
system over U, A be the mapping specifying the finite automata of S, and L be the CPDL reg 
logic corresponding to S. Let X and r be finite sets of formulas in NCNF of the base language, 
and G be a CL-tableau for (X,r). Then X is L-satisfiable w.r.t. the set r of global assumptions 
iff G has a consistent marking. 

4 Proofs of Soundness and Completeness 

Let G be a CL-tableau for (X,T). For each v G V with Status(v) G {incomplete, unsat, sat}, 
let DSTimeStamp(v) be the step number at which Status (v) is changed to its final value (i.e. 
determined to be incomplete, unsat or sat). DSTimeStamp stands for "determined-status times- 
tamp" . 

4.1 Soundness 

Lemma 4.1. Let G = (V, E, u) be a CL-tableau for (X, r). Then no node with status incomplete 
is reachable from v . 

Proof. By Steps 4, 25, 26 of procedure Apply and Step 4 of procedure UpdateStatus. < 

Lemma 4.2. If a non-state v has w\, . . . , Wk as all the successors then, for every L-model M 
and every x G A M , we have that M,x \= FullLabel(w) iff there exists 1 < % < k such that 
M,x \= FullLabel^). < 

The proof of this lemma is straightforward. 

Lemma 4.3. Let G = (V,E,v) be a CL-tableau for (X , T) . Letv G V be a node with Status (v) = 
unsat. Then: 

— case Type{y) = state : FullLabel(w) is L-unsatisfiable w.r.t. T 

— case Type{y) = non-state and StatePred{y) = null : FullLabel(f) is L-unsatisfiable w.r.t. T 
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— case Type(v) = non-state and vq = StatePred(v) 7^ null : there are no L-model M and 
x,y G A M such that M validates r, (x,y) G o~ M , M,x \= FullLabel(t>o) and M,y \= 
FullLabel(i>) ; where v\ = ATPred(v) and CELabel{vi) is of the form (cr)ifj. 

Proof. We prove this by induction on DSTimeStamp(v) . 

If _L G Label(v) or there exists {f,p} C Label(v) then FullLabel(u ) is clearly L-unsatisfiable 
w.r.t. r. So, in the rest of this proof, we exclude this case. 

Consider the case when Type(v) = state. 

We have that Kind(w) = and-node. There exists a successor w of v with Status(w) = unsat 
and DSTimeStamp(w) < DSTimeStamp(v). By the inductive assumption, FullLabel(u;) is L- 
unsatisfiable w.r.t. r. Since DFmls(w) = 0, by assertion HI of Lemma 13. 3] it follows that Label{w) 
is L-unsatisfiable w.r.t. r. Hence Label(v) and FullLabel(u) are L-unsatisfiable w.r.t. L. 

Consider the case when Type{v) = non-state and StatePred(v) = null. 

We have that Kind(w) = or-node. Let w±, . . . ,Wk be all the successors of v. We must have 
that, for all 1 < i < k, Status(wi) = unsat and DSTimeStamp(wi) < DSTimeStamp(v). By 
the inductive assumption, for all 1 < i < k, FullLabel(wj) is L-unsatisfiable w.r.t. L. By 
Lemma 14.21 FullLabel(f) is L-unsatisfiable w.r.t. L. 

Consider the case when Type(v) = non-state and vq = StatePred(v) ^ null. 

— Case when v has a successor w being a state: The node v must be expanded by the rule 
(forming-state). Since w is the only successor of v, it must be that Status(w) = unsat and 
DSTimeStamp(w) < DSTimeStamp(y). By the inductive assumption, FullLabel(ti;) is L- 
unsatisfiable w.r.t. L. Hence FullLabel(i>) = FullLabel(u>) is also L-unsatisfiable w.r.t. L. 

— Case when v has a successor and all the successors wi,...,Wk of v are non-states. 

• If Status (v) was set to unsat by Step 20 of procedure Apply (with w = v) then, for 
vi = ATPred(v), CELabel(v\) is of the form (cr)ip, Label(v) contains a formula of the 
form ip and <p ^ AFmls(fo), '■P G DFmls(vo). For the sake of contradiction, suppose 
that there exist an L-model M and x,y € A M such that M validates L, (x,y) € a M , 
M,x \= FullLabel(uo) and M,y \= FullLabel(t;). Since D^- tp G Label (v), it follows that 
M,y \= n a -<p, and hence M,x \= p. This contradicts the facts that ip G DFmls(vo) and 
M,x \= FullLabel(t;o). 

• Consider the remaining case. It must be that, for all 1 < i < k, Status(wi) = unsat and 
DSTimeStamp(wi) < DSTimeStamp(v). By the inductive assumption, for all 1 < i < k, 
FullLabel(u;j) is L-unsatisfiable w.r.t. L. By Lemma [4.2l FullLabel(w) is L-unsatisfiable 

w.r.t. r. < 

Lemma 4.4 (Soundness). Let G = (V,E,i>) be a CL-tableau for (X,r). Suppose that X is 
L-satisfiable w.r.t. the set L of global assumptions. Then G has a consistent marking. 

Proof. Since Type(v) = non-state, Label(v) = X U L and DFmls(v) = 0, we have that 
FullLabel(^) is L-satisfiable w.r.t. L. Let M be an L-model validating L and let r be a state 
of M such that M,r |= FullLabel(z/). 

Observe that, for any v G V and any x G A M , if M,x \= FullLabel(v) then: 

— if v is a non-state then v has a successor w such that M, x \= FullLabel(w) (by Lemma l4.2p 

— if v is a state then, for every successor w of v with CELabeUw) of the form (o~)ip, there exists 
y G A M such that (x, y) G a M and M,y \= FullLabel(ti;)0 

Therefore, starting from u G V and r G A M it is straightforward to construct a marking G m of 
G together with a map g that associates each edge (v, w) of G m with a pair (x,y) G A M x A M 
such that: 

— if v is a non-state then x = y 



6 Note that CELabel(w) £ Label(v). 
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— if v is a state and CELabel(w) is of the form (a)'ip then (x, y) G a 

- M,x\= FullLabelO) and M,y \= FullLabel(u>). 

By Lemma \%~3\ for every node v of G m , Status(v) ^ unsat. Therefore, G m satisfies the local 
consistency property. We now show that G m satisfies the global consistency property. Let vq 
be a node of G m and let (A,q)(p G Label(vo). We show that (A, q)ip has a O-realization in G m 
starting from vq. By the map g, there exists u G A M such that M,u \= FullLabel(fo)- Thus 
M,u \= {A,q)<p and therefore, 

there exist a word 7 = u?i . . . ui^ G £((A, q)) with k > 0, an 

accepting run qo = q, qi, • • • , % of (A, q) on 7, and states 

no = u, iii, . . . , Mfe of M such that M,Uk \= </? and, for (2) 

1 < i < k, if u?j G Z 1 then (ui-\,Ui) G w^, else Wj is of the 

form (ipi?) and Uj_i = Uj G V\ M - 

We construct a O-realization (^o, V?o)> ••• > (, v hi<ph) m Gm for {A,q)cp at and a map / : 
{0, . . . , h} — > {0, . . . , k} such that /(0) = 0, f(h) = k, and for every < i < h, if /(«) = j then 
f(i + 1) is either j or j + 1. We maintain the following invariants for < i < h : 

- the sequence (vo, tpo), . . . , {vi, ipi) is a trace of (A, q)(p in G m (3) 

- FullLabel(vj) is satisfied at the state Ufa) of M (4) 

- if f(i) = j < k then ipi = {A,qj)ip or <pi = {uj j+1 ){A,q j+1 )(p (5) 

- if f(i) = k then ipi = {A, q k )ip or (pi = <p>. (6) 

With <po = (A,qo)ip and /(0) = 0, the invariants clearly hold for i = 0. 
Set « := 0. While ^ / ip do: 

1. Set j := f{i). 

2. Case is expanded using a static rule p and tpi is the principal formula: 

(a) Case j < k : Since p is a static rule, by the invariant ([5]), we must have tpi = (A,qj)<p or 
<Pi = (uj j+1 ){A,q j+1 )ip with uj j+1 = (ipj+i?). 

Consider the case ipi = (A,qj)tp. The applied rule p is thus either ((A)) or ((A)j). Let 
ipi+i = (ujj + i)(A, qj + i)(p and let vi + \ be the successor of V{ with replacing tpi. By ([2]), 
^i+l is satisfied at Uj in M, and hence, by the invariant @, FullLabel(vj + i) is satisfied 
at Uj in M. Let /(i + 1) = j and set « := i + 1. Clearly, the invariants still hold. 

Now consider the case ipi = (ujj + i)(A,qj + i)ip with tOj+i = (ipj+\?). The applied rule p 
is thus (O?). Let 994+1 = (A, qj + i)(p and let be the only successor of v; L . By (j2J), 
both V'j+i an d {A,qj+i)tp are satisfied at Uj in M, and hence, by the invariant (UJ), 
FullLabel(t)j + i) is satisfied at Uj = Uj+i in M. Let /(i + 1) = j + 1 and set i := i + 1. 
Clearly, the invariants still hold. 

(b) Case j = k : Since (pi ^ (p, by the invariant ([6|), we have that cpi = {A,qk)(p. Hence 
p = ((A) f) (since q k G Fa)- Let tfi+i = <p> and let Vi + \ be the successor of V{ with 
9?i + i replacing tp^. By ([2]), c^^ + i is satisfied at Uk in M, and hence, by the invariant (UJ), 
FullLabel(ui+i) is satisfied at u k in M. Let f(i + 1) = k and set i := i + 1. Clearly, the 
invariants still hold. 

3. Case Vi is expanded using a static rule p and either p does not have principal formulas or ipi 
is not the principal formula: 

— Case p does not have principal formulas or the principal formula is not of the form 
{A', q')(p': Let (pi+i = fi and f(i + 1) = f(i) = j. Let Vi+i be the successor of Vi such that 
(vi,Vi + \) is an edge of G m and FullLabel(uj + i) is satisfied at the state Ufr i+ i\ of M. Such 
a node Uj+i exists because FullLabel(tij) is satisfied at the state Ufu\ = Uj = Ufu + ^\ of 
M. By setting i := i + 1, all the invariants ©-([SI) still hold. 
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— Case p has the principal formula of the form (A 1 , q')<p': During a sequence of applications 
of static rules between two applications of the transitional rule, proceed as for realizing 
(A',q')(p' in G m (like for the current O-realization of (A, q)(p in G m at Vq). This decides 
how to choose Uj+i and has effects on terminating the trace (to obtain a O-realization 
for (A,q)(p in G m at vq). We also choose <Pi+i = fi and f(i + 1) = f(i) = j. By setting 
i := i + 1, all the invariants ©-([B]) still hold. 
4. Case Vi is expanded using the transitional rule: 

Since is a state and <pi ^ (p, by the invariants (0) and ©, we must have that (fi = 
(ujj + i)(A,qj + i)tp with Wj+i G X 1 . Let Vi + \ be the successor of vi with CELabel{vi + \) = (fi. 
Let </?j + i = (A, qj + i)ip and /(i + 1) = j + 1. Clearly, the invariant ([3D holds for i + 1. By ([5]), 
</?i+i is satisfied at the state Uj+i of M. By the invariant the other formulas of Label(vi+i) 
are also satisfied at the state Uj+\ of M. That is, the invariant dU holds for i + 1. Clearly, 
the invariants ([5]) and ([6]) remain true after increasing i by 1. So, by setting i := i + 1, all 
the invariants ©-([6]) still hold. 

We now show that the loop terminates. Observe that any sequence of applications of static 
rules that contribute to the trace (vq, cpo), . . . , (v{, <p>{) of (A, q)ip in G m eventually ends because: 

— each formula not of the forms (A',q')ip' and (tp'?)ip' may be reduced at most once 

— each formula of the form (ijj'^ip' is reduced to ip' and ip' 

— each formula of the form (^4', q')ip' is reduced according to some O-realization. 

That is, sooner or later either ipi = ip or V{ is a node that is expanded by the transitional 
rule. In the second case, if f(i) = j then f(i + 1) = j + 1. As the image of / is {0, ... , k}, the 
construction of the trace must end at some step (with p>i = ip) and we obtain a O-realization in 
G m for (A,q)ip at vo. < 

4.2 Model Graphs 

We will prove completeness of CL via model graphs |25|lU|19|22|21j . 

Definition 4.5. A model graph (also known as a Hintikka structure) is a tuple (W, R, H), where 
W is a set of nodes, R is a mapping that associates each a € U with a binary relation R a on 
W, and H is a mapping that associates each node of W with a set of formulas. < 

We use model graphs merely as data structures, but we are interested in consistent and 
saturated model graphs as defined below. Model graphs differ from "and-or" graphs in that 
a model graph contains only "and"-nodes and its edges are labeled by simple programs. Roughly 
speaking, given an "and-or" graph G with a consistent marking G m , to construct a model graph 
one can stick together the nodes in a "saturation path" of a node of G m to create a node for 
the model graph. Details will be given later. 

A trace of a formula (A,q)(p at a node in a model graph is defined analogously as for the 
case of "and-or" graphs, as stated in the following definition. 

Definition 4.6. Given a model graph M = (W, R, H) and a node v € W, a trace of a formula 
(A, q)ip £ H(v) (starting from v ) is a sequence (vq, ipo), . . . , (vk, <Pk) such that: 

— v = v and cp = (A, q)(p, 

— for every 1 < i < k, ipi € H(vi), 

— for every 1 < i < k, if Vi = Vi-\ then: 

• ipi-i is of the form (^4, q')ip and ipi = (ui) (A, q")(p for some u and q" such that (q' , w, q") € 
5a, or 

• (pi-i is of the form (A, q')ip with q' € i^, = V 7 ) an d i = k, or 

• is of the form (ip?)(A,q')(p and ^ = (A,q')<p 
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— for every 1 < i < k, if Vi ^ then (fi-i is of the form (a){A,q')(p, a G S, tpi = (A,q')(p, 
and {vi-^Vi) G 

A trace (vo,vo)) ••• j ( v ki¥k) °f {A,q)(p in a model graph M is called a ^-realization for 

(A, 9)99 at t> if Vfc = </>■ < 

Similarly as for markings of "and-or" graphs, we define the consistency of a model graph as 
follows. 

Definition 4.7. A model graph M = (W,R,H) is consistent if: 

— local consistency: for every v G W, contains neither _L nor a clashing pair of the form 
p and ->p ; and 

— global consistency: for every u G W, every formula (.A, q)(p of has a O-realization (at v). 

< 

Definition 4.8. A model graph M = (W, R, H) is said to be CL-saturated if the following 
conditions hold for every v G W and every ip G H(v): 

— if ip = ip A £ then {ip, £} C 

— if 99 = ip V £ then ^ G or £ G 

— if 93=[a]-0 and I Aq ={g 1; . . . ,g fc } then {[A CT , <?i]V>, [A CT , q k ]tp} cH(v) 

— if ip = [A,q]ip and S A (q) = • • • , (^fc,<?fc)} then 

{□ Wl [A, g x ]^, . . . , [A, q k ]^} C 

— if <f = [A, q\ip and q G -Fa then G i?(i>) 

— if 99 = then £ G or G 

— if 99 = (a)^, a ^ X 1 , a is not a test and 4„ = {91, ■ ■ • , qk} then 

one of the formulas (A a , qi)tp, . ■ . , (A a , qk)ip belongs to H{y) 
-i£<p= (&)il> then £ G 

— if ip = (cr)ip then there exists w such that R a (v,w) and -0 G H(w) 

— if 99 = and R a (v,w) holds then ^ G H(w) 

— if 99 = □ cr '0 and i2 CT - (u, u) holds then ■0 G H(u). < 

Definition 4.9. Given a model graph M = (W,R,H), the L-model corresponding to M is the 
Kripke model W such that A M> = W , p M ' = {w e W \ p e H(w)} for p G PftOT 7 , £ M ' = R' Q 
for £> G 27 + , where R' a for cr G 27 are the smallest binary relations on W such that: 

— R a C i?^ and = (i?^.) -1 for every a G 17, and 

— if <t — >• gi . . . f?fcG 5", where 5 is the symmetric regular semi-Thue system of L, then R' e o 

The smallest binary relations mentioned in the above definition exist because: 

— R' a _ = (K)- 1 iff (R'^)- 1 C ^ and (R' a )^ C 

— an expression of the form i? 1 C it!' is equivalent to Vx,y(R(y,x) — > R'(x,y)) 

— an expression of the form R\ o ■ ■ ■ o ii^ C i?' is equivalent to 

Vx , ■■■ ,x h (Ri(x ,xi) A ... A R h (x h -i,x h ) -t R'(x ,x h )) 

— a set of first-order program clauses like the ones listed above is called a Datalog program 
and always has the smallest model. 

Define the NCNF of ->n a ip to be (o)Tp. Recall that the NCNF of ->[a]<p, ->{a)cp, ->[A,q]ip, 
->(A,q)(p are (a)Tp, [&]iPi (A?)^) [A?]^) respectively. 

7 The condition tp G is taken care of by the global consistency. 

8 Note that the symmetry of S is essential here. 
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Lemma 4.10. Let M = {W,R,H) be a consistent and CL-saturated model graph and let M' 
be the L-model corresponding to M. Then, for any w G W, if M',w \= tp or tp G H(w) then 
Tp £ H(w). 

Proof. By induction on the structure of tp, using the global consistency. < 

Lemma 4.11. Let a be a program, q G Qa^, an d 7 G £((A a ,g)). If the rule a — > Qi . . . Qk 
belongs to S then replacing any occurrence of a in 7 by q\ . . . q/. results in 7' G £((A a , q)). 

Proof This lemma follows from the observation that: if a — > Qi ■ ■ ■ Qk G S, Q G S, and 72 G 
C(A g ), then replacing any occurrence of a in 72 by q\ . . . Qk results in j' 2 G C{A e ). < 

The following lemma is the main result of this subsection. 

Lemma 4.12. Let X and r be finite sets of formulas in NCNF of the base language, and let 
M = {W,R,H) be a consistent and CL-saturated model graph such that r C H{w), for all 
w G W , and X C H(t), for some r G W . Then the L-model M' corresponding to M validates 
T and satisfies X at r. 

Proof. Observer that: 

- if [A,q]ip£H(w) and R a (w,w') and 5 A (q,o-,q') then [A,q']ipeH(w') (7) 

- if [A,q]ipeH(w) and R a 4w',w) and S A (q,a,q r ) then [A, q']ip G H(w'). (8) 

These assertions hold because: 

- if [A,q]ip G H(w) and 5A(q,v,q') holds then a a [A,q']ip G 

- if n a [A,q']tp G ff(u;) and R a (w,w') holds then G JT(«/) 

- if a a [A,q']ip G ff(u;) and R cr ~(w',w) holds then [A, q'jif) G JT(«/). 

Using induction on the construction of tp, we now prove that for any u G W, 
if <p G and 99 is a formula of the base language then M',u \= cp. Assume that tp G H{u). 

The only non-trivial cases are when 

tp = [a]ip, or (9) 
<p = (a) if), where a ^ E and a is not a test. (10) 

Consider the case Q and let q G Ia„' By Lemma 13.11 it suffices to show that M',u \= 
[A a , q]ip. Since M is CL-saturated and tp G H{u), we have that [A a , q\ip G H(u). Let v £ W be 
a node such that (u,v) G (A a ,q) M . We show that ?/? G H(v). By the construction of M' and 
Lemma T4.111 there exist a word wi . . . uik G £((A a , g)) and elements w$, . . . , Wk of W such that 
wo = u, Wk = v, and for every 1 < i < k : 

Ui G S and R Wi (wi-i,Wi) or R - (wi, wi-i) holds, or (11) 

i 

Ui is of the form (£j?) and itfj-i = 10* G (12) 

Let qo = q, qi, . . . , qk be an accepting run of (A a ,q) on the word lo\ . . .tok- We have that 
Qk £ FA a - We prove by an inner induction on < i < k that [A a ,qi]ip G H(wi). The base 
case i = clearly holds. Inductively, assume that 1 < i < k and [A a , qi-i]ift G H(wi-x). If 
(fTT]) holds then, by (TTj) and ©, it follows that [A a ,g^ G ff(wj). Suppose that (0 holds. 
Since [A a , qi—i]ip G H{wi-\) and M is CL-saturated, we have that □^?)[A a , qi\ip G H(wi-\). 
Since M' ,Wi-\ \= by Lemma T4.101 ^ H{wi-\). Since M is CL-saturated, it follows that 
[A Q ,gj]^ G H(wi-i). Since = we also have that [A a ,qi]ip G H(wi). This completes the 
inner induction. As a consequence, [A Q , qk]tp G H(wk). Since % G and v = Wk, it follows that 
tp G H(v). By the inductive assumption, we have that M',v \= ip. Therefore M',u \= [A a ,g]^. 
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Consider the case (fTUj) . Since M is CL-saturated, there exists q E I& a such that {A a ,q)tp € 
H(u). By Lemma [37TT it suffices to show that M',u \= (A a ,q)ip. Since (A a ,q)ip € H(u), by the 
global consistency of M, there exist an accepting run qo = q, qx, . . . , q^ of (A a , g) on a word 
wi...cjfc and nodes wq = u, wi, . . . , wj. of M such that tp € H(wk) and, for 1 < 2 < A;, 
(A a ,qi)ip G H(wi) and if € X 1 then i? Wi (u;j_i, u>j) holds, else is of the form (£j?) and 
= and (£,{!) (A a ,qi)il) € H{wi^\). Since M is CL-saturated, in the case oji = (£j?) we 
have that £j € H(wi-\), and by the inductive assumption, it follows that M',w^i \= Hence 
(u>o, Wfe) € (A a , q) . Since £ H(wk), by the inductive assumption, we have that M', |= ■0. 
Hence M',-wo |= {A a ,q)ijj. That is, M',u |= (A a ,q)ip. This completes the proof. < 

4.3 Completeness 

Definition 4.13. Let G be a CL-tableau for (X,T), G m be a consistent marking of a G, and 
f be a node of G m . A saturation path of v w.r.t. G m is a finite sequence Vq = v, v%, . . . , V}. of 
nodes of G m , with k > 0, such that, for every < i < k, V{ is a non-state and is an 

edge of G m , and Vk is a state. < 

Lemma AAA. Let G be a CL-tableau for (X, r) with a consistent marking G m . Then each node 
v of G m has a saturation path w.r.t. G m . 

Proof. We construct a saturation path vq, Vi, . . . of v w.r.t. G m as follows. Set vq := v and i := 0. 
While Vi is not a state do: 

— If the principal of the static rule expanding «j is not of the form (A, q)ip then let be any 
successor of Vi that belongs to G m and set i := i + 1. 

— If the principal of the static rule expanding V{ is of the form (A,q)<p then: 

• let Ui+ij . . . , fj be the longest sequence of non-states of G m such that there exist formulas 
(fi+l, (fj such that the sequence (v{,ifi), (vj,(fj) is a prefix of a (fixed) O- 
realization in G m for (A, q)ip at v jj 

• set i := j. 

The loop terminates because: 

— each formula not of the forms (A, q)(p and {ipt)(p may be reduced at most once 

— each formula of the form {ip7)tp is reduced to ip and (p 

— each formula of the form (A, q)ip is reduced according to some O-realization. < 

We are now in position to prove completeness of the calculus. 

Lemma 4.15 (Completeness). Let G be a CL-tableau for (X,T). Suppose that G has a con- 
sistent marking G m . Then X is L-satisfiable w.r.t. the set T of global assumptions. 

Proof. We construct a model graph M = (W, R, H) as follows: 

Let i>o be the root of G m and Vq, . . . , be a saturation path of vq w.r.t. G m . Set R a := for 
all a G E and set W := {r}, where r is a new node. Set further H(t) := Label(vk) U RFmls(vk). 
Mark r as unresolved and let /(r) = v^. (Each node of M will be marked either as unresolved 
or as resolved, and / will map each node of M to a state of G m .) 

While W contains unresolved nodes, take one unresolved node wo and do: 

1. For every formula (o)tp € H(wq) (with a £ U) do: 

(a) Let (fo = (cr)ip and ipi = (p. 

(b) Let «o = f(ivo) and let u% be the successor of uq such that CELabel{u\) = </?q. (As a 
maintained property of /, tio is a state, </?o S Label(uo), and therefore Af terTrans(ni) 
holds and cpi £ Label (ui).) 
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(c) If tp is of the form (A,q)ip then let (ui,c^i), . . . , (ui,tpi) to be a O-realization in G m for 
ipi at u\ and let ui, ... , u m to be a saturation path of u\ w.r.t. G m . 

(d) Else let u\, . . . , u m be a saturation path of u\ w.r.t. G m . 

(e) Let jo = < ji < . . . < j n -i < in = m be all the indices such that, for < j < m, Uj is 
a state of G iff j G {jo, . . . ,j n }- For < s < n — 1, let (ctjJ^+i = CELabel{uj s+ \). (We 
have that o"o = a.) 

(f) For 1 < s < n do: 

i. Let Z a = \J{Label(ui) U RFmls{ui) \ j s _i + 1 < i < 

ii. If there does not exist w s G W such that H(w s ) = Z s then: add a new node w s to 
W, set H(w s ) := Z a , mark w s as unresolved, and let f(w s ) = Uj s . 

hi. Add the pair (w s -\,w s ) to R (Ts _ 1 . 
2. Mark wo as resolved. 

As H is a one-to-one function and H{w) of each G is a subset of closure l(X U i -1 ), the 
above construction terminates and results in a finite model graph. 

Observe that, in the above construction we transform the chain uq, . . . ,u m of nodes of G m 
to a chain wq,..., w n of nodes of M by sticking together nodes in every saturation path. Hence, 
M is CL-saturated and satisfies the local consistency property. 

Suppose that (A',q')ip' G H(wo). Since uq is a state of the consistent marking G m , the 
formula {A',q')ip' of H(wq) must have a (finite) trace starting from wq, using only wq (as the 
first component of the pairs), and ending with a pair of the form (wq, ip') or (wq, (o~')(A' , q")ip'). 
This together with Step [1] implies that M satisfies the global consistency property. Hence, M is 
a consistent and CL-saturated model graph. 

Since Label(vo) = X U r and Label(vo) C Label(vk) U RFmls^Vk), we have that X C i?(r) 
and -T C H(r). Consider Step [H] of the construction, as Uj s _ 1 is an "and"-node and Uj s _ 1+ i is 
a successor of Uj 3 _ 1 that is created by the transitional rule, we have that Label(uj s _ 1 +i) 3 
and hence Label (v,j s ) U RFmls(uj a ) D Label '(uj a -i+i) 5 ^- Hence F C H{w s ) for every w s G IF. 
By Lemma [4. 12 1 the Kripke model corresponding to M validates r and satisfies X at r. Hence, 
X is L-satisfiable w.r.t. r. < 



5 An ExpTime Tableau Decision Procedure for CPDL re£ , 

Let G7 = (V, E 1 , i^) be a CL-tableau for (X, i -1 ) and G m be a marking of G. The graph Gt of traces 
of G m in G is defined as follows: 

— nodes of Gt are pairs (v, tp), where v G V and if G Label(v) 

— a pair ((u , ip), (w, il))) is an edge of Gt if v is a node of G m , (p is of the form (A, q)£ or 

and the sequence (v, y), (w,tp) is a subsequence of a trace in G m . 

A node (v, tp) of G< is an end node if tp is a formula of the base language. A node of Gt is 
productive if there is a path connecting it to an end node. 

Algorithm [1] (given on page [22]) is a simple ExpTime algorithm for checking L-satisfiability 
of X w.r.t. r. 

Lemma 5.1. Let h = \U\ and let k be the sum of the sizes of the automata A a (for a G U), 
and I be the size o/IUf. Then Algorithm^ for X, F, A runs in 2°^ steps, where n be the 
size of closure l{X U r) and is polynomial in k.h.l. 

Proof. By Lemma 13.3] n is polynomial in k.h.l and the graph G has 2°( n ) nodes and can be 
constructed in 2°( n \ For each node v of G, Label(v) C closure l(X U r). Constructing graphs of 
traces and updating statuses of nodes can be done in polynomial time in the size of G. Hence, 
totally, Algorithm [1] runs in 2°^ steps. < 
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Algorithm 1: for checking L-satisfiability of X w.r.t. r. 

Input: finite sets X and F of formulas in NCNF of the base language, the mapping A specifying the 

finite automata of the symmetric regular semi-Thue system of the considered CPDL re9 logic L 
Output: true if X is L-satisfiable w.r.t. r, and false otherwise 

1 let G = (V, E, v) be the CT^tableau constructed by Tableau(X, _T) (using A); 

2 while Status(y) 7^ unsat do 

3 let G m be the subgraph of G induced by the nodes with status different from unsat and incomplete; 
/* we have that G m is a marking of G */ 

4 construct the graph Gt of traces of G m in G; 

5 if there exist a node v of G m and a formula {A,q)ip £ Label(v) such that (v, {A,q)ip) is not a 
productive node of Gt then 

6 J Status (v) := unsat, PropagateStatus(w) 

7 else return true 

8 return false; 



Theorem 5.2. Let S be a symmetric regular semi-Thue system over S, A be the mapping 
specifying the finite automata of S, and L be the CPDL reg logic corresponding to S. Let X and 
r be finite sets of formulas in NCNF of the base language. Then Algorithm^ is an ExpTime 
(optimal) decision procedure for checking whether X is L-satisfiable w.r.t. the set T of global 
assumptions. 

Proof. It is straightforward to prove by induction that the algorithm has the invariant that 
a consistent marking of G cannot contain any node with status unsat. For the base step, use 
Theorem 13.41 and the local consistency property. For the induction step, use Theorem 13.41 and 
the global consistency property. 

The algorithm returns false only when Status{v) = unsat, i.e., only when G does not have 
any consistent marking. At Step 7, G m is a consistent marking of G. That is, the algorithm 
returns true only when G has a consistent marking. Therefore, by Theorem 13.41 Algorithm Q] is 
a decision procedure for the considered problem. The complexity was established by Lemma [5. 11 

< 

Clearly, one may modify procedure Tableau to make it stop as soon as Status {y) = unsat. 
We excluded this condition just to formalize and prove Theorem 13.41 but it does not affect 
correctness of Theorem 15.21 

6 Checking Global Consistency On-the-Fly 

Observe that Algorithm Q] first constructs a CL-tableau and then checks whether the tableau 
contains a consistent marking. To speed up the performance these two tasks can be done con- 
currently. For this we can update G m and Gt during the construction of G and detect and 
propagate unsat (and sat) on-the-fly using both the local and global consistency properties as 
discussed below. 

For nodes (v, (p) of the graph of traces Gt, define SemiEndNodes(v, 99) to be the smallest sets 
of nodes of Gt that satisfy the following conditions: 

— if (v,(p) is an end node of Gt or Status (v) € {unexpanded, sat} then 

SemiEndNodes(v,if) = {(v,ip)}, 

— else SemiEndNodes(v,ip) = \J {SemiEndNodes(w,?p) \ (w,tp) is a successor of (v,(p) in Gt 
different from (v, if)} \ {(v, if)}. 

Observe that, during the construction of G and Gt, if SemiEndNodes(v,f) = then (v,f) 
is not and will never be a productive node of Gt and hence Status (v) can be set to unsat. 
Furthermore, at the end (i.e., when G is a full "and-or" graph, G m is the subgraph of G induced 
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by the nodes with status different from unsat and incomplete, and Gt is the graph of traces of 
G m in G), if a node (v,tp) of Gt has SemiEndNodes(v, (p) ^ then (v, (p) is a productive node 
ofG t . 

An improved ExpTime tableau decision procedure for checking L-satisfiability of X w.r.t. r 
is as follows. During the construction of a CL-tableau for (X, r): 

— let G = (V, E, v) be the current (partial) "and-or" graph; 

— update G m on-the-fly so that it is the subgraph of G induced by the nodes with status 
different from unsat and incomplete; 

— update Gt on-the-fly so that it is the graph of traces of G m in G; 

— update SemiEndNodes(v,ip) on-the-fly for nodes (v,p) of Gt as follows: 

• when a new node v with status unexpanded is created for G, for every node (v, ip) created 
for Gt, set SemiEndNodes(v, p) := {(v,p)}, 

• when a node v of G receives status sat, for every node (v,p) of Gt, set 
SemiEndNodes(v,ip) := {(v,ip)}, 

• when a node v of G is expanded and receives status expanded, 

* for every end node (v,p) of Gt, set SemiEndNodes{v,p) := {(v,ip)}, 

* for every non-end node (v,p) of Gt, set 

SemiEndNodes(v, p) := \J {SemiEndNodes(w,ip) \ {w,ip) is a successor , . 
of (v,p) in Gt different from (v,p)} \ {(v,ip)}; 

• when a node (w,ip) of Gt has SemiEndNodes{w,ip) changed, for every predecessor (v,p) 
of (w,ip) in Gt, update SemiEndNodes(v, p) by ([13]) : 

• when a node w of G receives status unsat or incomplete or is deleted, for every node (v , p) 
of Gt that is a predecessor of some (w,ip), update SemiEndNodes(v, ip) by (fl3|) ; 

— when a node (v,p) of Gt receives SemiEndNodes(v, p) = 0, set Status(v) := unsat and 
execute PropagateStatus(v); 

— when the root v of G receives status unsat, return false (which means X is not L-satisfiable 
w.r.t. -T); 

— at the end (not terminated as in the above case), return true (which means X is L-satisfiable 
w.r.t. r). 

See also |20| for other possible optimization techniques, which have been implemented and 
evaluated for the description logic ACC. 

7 Conclusions 

As discussed in the introduction, translating the general satisfiability checking problem in 
CPDL reg into the satisfiability checking problem in CPDL may increase the complexity (and 
may decrease efficiency). Therefore, the direct approach for automated reasoning in CPDLy e p is 
worth studying. 

In this paper we have given a tableau calculus and the first cut-free ExpTime tableau decision 
procedure for checking satisfiability in the logic CPDL reg . Our decision procedure uses global 
caching for states and local caching for non-states in tableaux. In comparison with the tableau 
calculus given in our joint papers |6|8j for CPDL reff , the tableau calculus given in the current 
paper is essentially better since it is cut-free. Furthermore, we have explicitly incorporated 
on-the-fly propagation of local (in) consistency into the latter calculus and the corresponding 
decision procedure. We have also discussed how on-the-fly propagation of global (in) consistency 
can be incorporated into the tableau decision procedure. 

When restricted to REG C , our tableau decision procedure is much better than the one pro- 
posed by us and Szalas in [22] for REG C , as it does not use cuts and it does not have to check 
the global consistency property (this is an effect of cut elimination). 
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On technical matters, apart from global caching of states as in the works |14|15] by Gore 
and Widmann, we allow to cache also non-states. We apply global caching for nodes in the 
local graphs of non-states v satisfying Af terTrans(-u). Such local graphs in |14|15] are trees. We 
propose not to delay solving incompatibility w.r.t. converse as long as in |14|15j 1 One can solve 
incompatibility w.r.t. converse as soon as possible as done in this paper. By giving a higher 
priority to the current branch even when it involves converse we can further favor depth-first 
search. 
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Recall the example with {p, {a)[a ]^p, [a]((pi V qi) A . . . A (p n V(j„))}. 



